defrec establishing physical function virtualization to
play

DefRec: Establishing Physical Function Virtualization to Disrupt - PowerPoint PPT Presentation

Dec 27, 2023 •225 likes •574 views

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois,

  1. DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois, Urbana-Champaign 1

  2. 2

  3. From Passive Detection to Preemptive Prevention • Preemptive approaches disrupting reconnaissance before an adversary starts to inflict physical damage are highly desirable – Preventing reconnaissance on a critical set of physical data can cover more attacks, including unknown ones • Research gap to design practical and efficient anti- reconnaissance approaches – Mimicking system behaviors can be easily detected – Simulations (used in honeypots) are based on a static specification • E.g., inconsistent to proprietary implementation – No not model physical processes 3

  4. Threat Model • We assume that adversaries can compromise any computing devices connected to the control network – Passive attacks monitor network traffic to obtain the knowledge of power grids’ cyber-physical infrastructures – Proactive attacks achieve the same goal by using probing messages – Active attacks manipulate network traffic, including dropping, delaying, compromising existing network packets, or injecting new packets • Passive and proactive attacks are common techniques used in reconnaissance, while active attacks are used to issue attack- concept operations and cause physical damage 4

  5. Design Objective • Disrupt and mislead attackers’ reconnaissance based on passive and proactive attacks, such that their active attacks become ineffective – RO1 & RO2: significantly delay passive and proactive attacks for obtaining the knowledge of the control network – RO3: leverage intelligently crafted decoy data to mislead adversaries into designing ineffective attacks 5

  6. Design Overview of DefRec based on PFV 6

  7. Design Overview of DefRec based on PFV PFV (physical function virtualization): construct virtual nodes that follow the actual implementation of real devices • Complementary to existing Trusted computing base (TCB): security approaches • Network controller application • Edge switches • A few end devices (used as seed devices) • Communication channels connecting them 6

  8. Design Overview of DefRec based on PFV DefRec: specify security policies to disrupt reconnaissance PFV (physical function virtualization): construct virtual nodes that follow the actual implementation of real devices • Complementary to existing Trusted computing base (TCB): security approaches • Network controller application • Edge switches • A few end devices (used as seed devices) • Communication channels connecting them 6

  9. Design Overview of DefRec based on PFV DefRec: specify security policies to disrupt reconnaissance Bus 7 Bus 6 PFV (physical function virtualization): construct virtual nodes that follow the actual implementation of real devices • Complementary to existing Trusted computing base (TCB): security approaches • Network controller application • Edge switches • A few end devices (used as seed devices) • Communication channels connecting them 6

  10. Implementation • Communication networks • Implementation of PFV & DefRec • Physical device • Power grid simulation 7

  11. Implementation – Communication Network • Follow implementation presented in a NSDI paper [1] – Obtained the logical topology of six different communication networks from TopologyZoo dataset – Implemented each network in five HP SDN-compatible switches – In each switch, we grouped physical ports into VLANs (virtual local area network), each of which represents a logical switch; connect VLANs by Ethernet cables – Built Docker instances in seven HP servers as end hosts • Need to enhance each server with Ethernet ports – Implemented DNP3 master and slaves based on opendnp3 library • Alternative approach: use cloud infrastructure, e.g., NSF Geni testbed – Need to configure virtual switches manually – The number of hardware switches are very limited [1] W. Zhou et al., “Enforcing customizable consistency properties in software-defined 8 networks,” in 12th USENIX NSDI, 2015.

  12. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  13. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  14. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  15. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  16. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  17. Implementation – PFV • PFV: use interaction of real • Virtual node template devices to build virtual nodes – Static configuration of – Virtual node template target network – Profile of seed devices • Profile of physical – Packet hooking component devices – Dynamic behavior at network-layer • Packet hooking component – Construct the outbound packets of virtual nodes – Follow the probabilistic behavior of real devices 9

  18. Implementation – PFV • PFV: use interaction of real • Implemented based on devices to build virtual nodes SDN (software-defined – Virtual node template networking) – Profile of seed devices – Follow implementation – Packet hooking component found in both security and network communities – ONOS, open source network operating system used in commercial networks – Implemented an encoder/decoder of DNP3 in ONOS core services – Implemented software modules loaded by ONOS core services 10

  19. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids 11

  20. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids • We use the theoretical model of false data injection attack (FDIAs) as a case study 11

  21. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids • We use the theoretical model of An example power grid false data injection attack (FDIAs) as a case study – With accurate knowledge of power grids’ topology, active attacks can compromise measurements without raising alerts in state estimation • Measurement errors are less than a detection threshold 11

  22. Attack Misleading Policy for Physical Infrastructure • RO3: craft decoy data as the application-layer payload of network packets from virtual nodes – Mislead adversaries into designing ineffective attacks – Satisfy physical model of power grids • We use the theoretical model of An example power grid false data injection attack (FDIAs) as a case study – With accurate knowledge of power grids’ topology, active attacks can compromise measurements without raising alerts in state estimation • Measurement errors are less than a detection threshold – With misleading knowledge of power grids’ topology, active attacks raise The power grid with decoy data alerts in state estimation observed by adversaries • Measurement errors are 5,000 times of the detection threshold 11

Recommend

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids Cyber-Physical Infrastructures Hui Lin 1 , Jianing Zhuang 1 , Yih-Chun Hu 2 , Huayu Zhou 1 1 University of Nevada, Reno 2 University of Illinois,

344 views • 16 slides
Network Virtualization What is Network Virtualization? Abstraction of the physical network

Network Virtualization What is Network Virtualization? Abstraction of the physical network

Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services Aspects of the

589 views • 21 slides
Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing

4/1/2013 Virtualization and SDN Applications 2 Virtualization Network Virtualization Sharing physical hardware or software resources by Share physical network resources to form multiple multiple users and/or use cases diverse virtual

511 views • 5 slides
Virtualization Virtualization Memory virtualization Process feels like it has its own

Virtualization Virtualization Memory virtualization Process feels like it has its own

4/25/08 Virtualization Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view of disks connected to a machine External

441 views • 8 slides
Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/

Virtualization What is Virtualization? Virtualization is the simulation of the software and/ or hardware upon which other software runs. This simulated environment is called a virtual machine --Wikipedia 2 Computer Systems Arch.

1.26k views • 26 slides
Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with

Finding the Optimal Reconfiguration for Network Function Virtualization Orchestration with Time-varied Workload Satyajit Padhy, Jerry Chou National Tsing Hua University The Third International Workshop on Systems and Network Telemetry and

725 views • 26 slides
Recursive Monitoring Language in Network Function Virtualization (NFV) Infrastructure

Recursive Monitoring Language in Network Function Virtualization (NFV) Infrastructure

Recursive Monitoring Language in Network Function Virtualization (NFV) Infrastructure draft-cai-nfvrg-recursive-monitor-00 Xuejun Cai Catalin Meirosu Gregory Mirsky The research leading to these results has received funding from the European

443 views • 10 slides
Flexible Building Blocks for Software Defined Network Function Virtualization

Flexible Building Blocks for Software Defined Network Function Virtualization

Introduction Solution Evaluation Summary Flexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks) Aryan TaheriMonfared Chunming Rong Department of Electrical Engineering and

1.76k views • 37 slides
Future Internet Chapter 5: Network Function Virtualization 5b: Foundations & Algorithms

Future Internet Chapter 5: Network Function Virtualization 5b: Foundations & Algorithms

Future Internet Chapter 5: Network Function Virtualization 5b: Foundations & Algorithms Holger Karl Computer Networks Group Universitt Paderborn Goals of this session Previous session has dealt with motivating examples and

941 views • 70 slides
Future Internet Chapter 5: Network Function Virtualization 5a: Basics Holger Karl Computer

Future Internet Chapter 5: Network Function Virtualization 5a: Basics Holger Karl Computer

Future Internet Chapter 5: Network Function Virtualization 5a: Basics Holger Karl Computer Networks Group Universitt Paderborn Overview Technical trends & motivation Reference architectures: ETSI, IETF Problems to solve

647 views • 47 slides
CompSci 514: Computer Networks Lecture 16: Network Function Virtualization Xiaowei Yang Adapted

CompSci 514: Computer Networks Lecture 16: Network Function Virtualization Xiaowei Yang Adapted

CompSci 514: Computer Networks Lecture 16: Network Function Virtualization Xiaowei Yang Adapted from Prof. Srinivasa Seshans lecture slides Overview NFV Motivation NFV case study More NFV challenges and solutions Optional

609 views • 35 slides
AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica

AMD Pacifica Virtualization Technology AMD Unveils Virtualization Platform AMD Pacifica Tutorial 2 Virtual Machine Approaches Carve a Server into Many Virtual Machines Hosted Hypervisor-based Virtualization Virtualization App App

539 views • 18 slides
Distributed Network Function Virtualization Fred Oliveira, Fellow at Verizon Sarath Kumar,

Distributed Network Function Virtualization Fred Oliveira, Fellow at Verizon Sarath Kumar,

Distributed Network Function Virtualization Fred Oliveira, Fellow at Verizon Sarath Kumar, Software Engineer at Big Switch Networks Rimma Iontel, Senior Architect at Red Hat Outline What is Distributed NFV? Why do we need

290 views • 17 slides
4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address

4/22/2009 Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Distributed Systems Storage virtualization Logical view of disks connected to a machine

407 views • 3 slides
What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

Cyber-Physical Systems (CPS) OS / Middleware for Cyber-Physical New innovations needed for software infrastructures Systems Communication, computation & physical system aspects to be considered Example applications: Richard West

274 views • 3 slides
Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare

Virtualization. A dream within a dream Type 1 Virtualization Hypervisor run on bare metal. Dedicated virtualization machine. Higher performance. Typical for servers. Type 2 Virtualization Hypervisor sits on

571 views • 17 slides
Virtualization and Containerization What is Virtualization? What is Containerization? What does

Virtualization and Containerization What is Virtualization? What is Containerization? What does

Virtualization and Containerization What is Virtualization? What is Containerization? What does this do for us? Virtual Machines: Terminology Types of Hypervisors VirtualBox and VMWare

2.8k views • 30 slides
Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960s: first track of

Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960s: first track of

Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960s: first track of virtualization Time and resource sharing on expensive mainframes IBM VM/370 Late 1970s and early 1980s: became unpopular Cheap

924 views • 34 slides
Physical Activity and Physical Function in Older Adults with Multiple Sclerosis Katie Cederberg,

Physical Activity and Physical Function in Older Adults with Multiple Sclerosis Katie Cederberg,

Physical Activity and Physical Function in Older Adults with Multiple Sclerosis Katie Cederberg, MS; Robert W. Motl, PhD; Edward McAuley, PhD Worldwide Shift in the Age Distribution of Persons with multiple sclerosis (MS) Peak Prevalence:

565 views • 22 slides
MS and Physical Activity(PA) 1 6/18/2015 Physical Inactivity Subjective and objective

MS and Physical Activity(PA) 1 6/18/2015 Physical Inactivity Subjective and objective

6/18/2015 The effects of Yoga on impairments of body function, activity limitations and participation for people with MS: A review Blthn Casey PhD Candidate University of Limerick, Ireland. MS and Physical Activity(PA) 1 6/18/2015 Physical

380 views • 14 slides
Hardware / Virtualization / Architectures Foundations of the cloud Implementing Virtualization

Hardware / Virtualization / Architectures Foundations of the cloud Implementing Virtualization

Hardware / Virtualization / Architectures Foundations of the cloud Implementing Virtualization Technologies Cloud Computing relies heavily on the concept of virtualization In fact not possible without it. But they are separate

835 views • 32 slides
Linux Virtualization Kir Kolyshkin <kir@openvz.org> OpenVZ project manager What is

Linux Virtualization Kir Kolyshkin <kir@openvz.org> OpenVZ project manager What is

Linux Virtualization Kir Kolyshkin <kir@openvz.org> OpenVZ project manager What is virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level of indirection or an abstraction layer between a

388 views • 27 slides
IO Virtualization Kedar & Ozzie Overview Benefits Challenges Full Virtualization

IO Virtualization Kedar & Ozzie Overview Benefits Challenges Full Virtualization

IO Virtualization Kedar & Ozzie Overview Benefits Challenges Full Virtualization Paravirtualization Front-ends, Back-ends Pass through mode Virtualization : Review Create a Virtual machine that can emulate

327 views • 20 slides
Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer ,

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer ,

Physical Attack Protection with Human-Secure Virtualization in Data Centers Jakub Szefer , Pramod Jamkhedkar, Yu-Yuan Chen and Ruby B. Lee Princeton University WORCS 2012 July 25, 2012 contact: szefer@princeton.edu Data Centers as

686 views • 36 slides

More recommend